lighttpd (1.4.45-1) unstable; urgency=medium * New upstream version 1.4.45. - Drop kfreebsd-disable-test.patch (upstream says its fixed). * Fix upstream spelling errors. * Fix cgi-bin path on start page (closes: #763618) * Remove automatically generated files from the upstream tarball again. * Suggest the service command instead of /etc/init.d for restarting services (closes: #762663). -- Michael Gilbert Sat, 14 Jan 2017 21:07:19 +0000 lighttpd (1.4.44-1) unstable; urgency=medium * New upstream version 1.4.44 * debian/copyright: make lintian happy * debian/control: add libssl1.0-dev as alternative for libssl-dev -- Krzysztof Krzyżaniak (eloy) Mon, 09 Jan 2017 17:43:47 +0100 lighttpd (1.4.43+git20161216-1) unstable; urgency=medium * New upstream snapshot (closes: #846917). * Remove unneeded perl dependencies. * Update debian/copyright to format 1.0. * Ship NEWS file as upstream's changelog. * Remove systemd dependency (closes: #846299). * Suggest php5-cgi instead of recommending it. * Update watch file to look for upstream's xz tarball. * Fix incorrect bug number in previous changelog entry. * Make a mod_rewrite conf file available (closes: #751957). * Point to /var/www/html from the placeholder page (closes: #808921). * Add new packages for LDAP, GSSAPI, MySQL, and GeoIP modules. - Thanks to Stefan Bühler. * Fix build hardening flags. - Thanks to Stefan Bühler. -- Michael Gilbert Mon, 19 Dec 2016 00:04:25 +0000 lighttpd (1.4.43-1) unstable; urgency=medium * New upstream release (closes: #841732). - Fixes CVE-2016-1000212 (closes: #832571). - Adds support for openssl 1.1.0 (closes: #828421). * Update standards version. * Fix lsb-base lintian error. * Add Glenn Strauss signing key. * Use upstream's systemd service file. * Recommend php5-cgi (closes: #774644). * Suggest lighttpd-doc (closes: #806523). * Use default-libmysqlclient-dev build dependency. -- Michael Gilbert Sat, 26 Nov 2016 05:09:35 +0000 lighttpd (1.4.39-1) unstable; urgency=medium * New upstream release. -- Michael Gilbert Sun, 03 Jan 2016 03:59:55 +0000 lighttpd (1.4.37-1) unstable; urgency=medium * New upstream release. - Log file injection issue CVE-2015-3200 fixed (closes: #787132). * Add a debian/clean file. * Drop upstreamed patches. * Add upstream signing key. * Update standards version. * Apply the non-maintainer upload. -- Michael Gilbert Sun, 06 Sep 2015 05:37:20 +0000 lighttpd (1.4.35-4.1) unstable; urgency=medium * Non-maintainer upload. * Fix "FTBFS with perl 5.22: test failures (CGI.pm)": Add build dependency on libcgi-pm-perl. CGI.pm was deprecated in Perl 5.19.x and removed in 5.21.x which makes the explicit build dependency necessary. (Closes: #789856) -- gregor herrmann Thu, 27 Aug 2015 18:29:21 +0200 lighttpd (1.4.35-4) unstable; urgency=medium * Disable SSLv3 by default (closes: #765702). -- Michael Gilbert Sun, 02 Nov 2014 02:49:09 +0000 lighttpd (1.4.35-3) unstable; urgency=medium * Support building with dpkg-buildpackage -g. * Drop libmemcache-dev build-dependency (closes: #748809). -- Michael Gilbert Mon, 18 Aug 2014 03:42:29 +0000 lighttpd (1.4.35-2) unstable; urgency=medium * Fix a spelling error. * Add a lintian override. * Make VCS field canonical. * Add myself to the uploaders. * Use dh-autoreconf (closes: #726394, #731104). * Disable indeterminant test on kfreebsd (closes: #731074). -- Michael Gilbert Sat, 05 Apr 2014 18:12:03 +0000 lighttpd (1.4.35-1) unstable; urgency=low * New upstream version (fixes CVE-2014-2323, CVE-2014-2324) + Delete patches: cve-2013-4508.patch, cve-2013-4559.patch, cve-2013-4560.patch. Those are all cumulative included since lighttpd 1.4.34 * Acknowledge NMUs by the security team * Make the init script wait until lighttpd really terminates. * Change the default document root /var/www/html (Closes: #730379), add a Lintian override for it * Bump the debhelper dependency to >= 9.20130624 to ensure dh_installinit is recent enough for systemd (Closes: #713860) * Reorder LSB init dependencies, add $local_fs to it * Add hardening flags to lighttpd. Thanks to Michael Gilbert for providing a patch (Closes: #741497) * Remove W3C logo from index.html to avoid inclusion of images hosted elsewhere * Push standards version to 3.9.5 (no changes needed). -- Arno Töll Sat, 22 Mar 2014 03:06:59 -1100 lighttpd (1.4.33-1+nmu2) unstable; urgency=high * Non-maintainer upload by the Security Team. * Fix regression caused by the fix for cve-2013-4508 (closes: #729480). -- Michael Gilbert Sat, 16 Nov 2013 22:29:07 +0000 lighttpd (1.4.33-1+nmu1) unstable; urgency=high * Non-maintainer upload by the Security Team (closes: #729453). * Fix cve-2013-4508: ssl cipher suites issue. * Fix cve-2013-4559: setuid privilege escalation issue. * Fix cve-2013-4560: use-after-free in fam. -- Michael Gilbert Wed, 13 Nov 2013 02:19:47 +0000 lighttpd (1.4.33-1) unstable; urgency=low * Drop the connection-dos.patch - merged upstream. * Fix "mod_extforward missing configuration file": ship requested configuration file (Closes: #697304) * Remove access.conf, an obsolete conffiles as we should have done since 2010 (Closes: #703215) * Push debhelper's compat mode to 9, the use of maintscript helper requires 8.1 so we had to push the debhelper b-d anyway. * Fix "config.guess/config.sub out of date for arm64" by adding the patch provided by Colin Watson. Thanks (Closes: #726394). * Fix "[PATCH] use dh-systemd for proper systemd-related maintscripts" to add systemd support. Thanks to Michael Stapelberg (Closes: #713859) -- Arno Töll Tue, 15 Oct 2013 21:24:49 +0200 lighttpd (1.4.31-4) unstable; urgency=high * CVE-2013-1427: Switch the socket path for PHP when using FastCGI. /tmp is world-writable which may cause security implications if an attacker manages to control /tmp/php.socket before the web server (re-)starts. * Switch VCS to git * Push standards version (no changes) -- Arno Töll Thu, 14 Mar 2013 02:20:07 +0100 lighttpd (1.4.31-3) unstable; urgency=high * Fix "configuration files refer to wrong path for documentation" by merging a patch supplied by Denis Laxalde (Closes: #676641) * CVE-2012-5533: Fix Denial Of Service attacks against Lighttpd by sending faulty Connection headers -- Arno Töll Wed, 21 Nov 2012 14:42:32 +0100 lighttpd (1.4.31-1) unstable; urgency=low * New upstream release * Be more careful when removing dangling symlinks, as introduced in 1.4.30-1. Under some configurations the postrm script could fail previously. * Change the use-ipv6.pl script to read the default listening port as a command line argument, fall back to the old default behavior otherwise (Closes: #632723, #642604). Thanks to Sebastian Pipping to accidentally give a hint how to fix this old problem by driving by. * Push standards version to 3.9.3.1 - no further changes * Fix "[lighttpd] "ldap" lowercase in extended description" by fixing the typo (Closes: #670206) * Update my maintainer address -- Arno Töll Fri, 01 Jun 2012 23:46:05 +0200 lighttpd (1.4.30-1) unstable; urgency=medium * New upstream release + Fix integer overflow (CVE-2011-4362) (Closes: #652726) + Fix attack vector as disclosed by the SSL BEAST attack (related: CVE-2011-3389). Note: If you are upgrading from an older version you need to change your configuration to mitigate effects of the attack. See the corresponding NEWS file for details. + Count SSL renegotiations to prevent client renegotiations * Urgency set to medium due to security updates. * Adapt to dpkg 1.16.1 API changes regarding build flags. This enables hardening build flags. This means, lighttpd is now being built with -fstack-protector and other security related build flags. * Add dpkg-dev (>= 1.16.1~) to build-depends to make sure our buildflags are properly supported. That's guaranteed for Testing, but might be helpful to know for backporters. * Fix "Doesn't remove /etc/lighttpd on purge" by removing dangling symlinks /only/. This does not entirely fix the problem of the maintainer, but we can not simply remove all files in /etc/lighttpd as other packages or the user himself might have left configuration files back (Closes: #642494) * Fix "please include systemd service file" Support systemd as alternative to sysvinit, ship systemd and tempfiles.d configuration files. Thanks to Michael Stapelberg for providing the required files (Closes: #652442) -- Arno Töll Tue, 20 Dec 2011 11:36:09 +0100 lighttpd (1.4.29-1) unstable; urgency=low * New upstream release * Fix "lighty-enable-mod should return non-zero on fail" Update script to leave with appropriate exit status (Closes: #629638) * Remove the following patches: + silence-errors.diff - applied upstream + patches/ssl-fix.patch - applied upstream * Add `debian/source/options' to make dpkg-source ignore glitches done by upstream's Makefile in `src/mod_ssi_exprparser.c' and `src/configparser.c' * Run maintainer scripts with `set -e' -- Arno Töll Mon, 04 Jul 2011 17:30:11 +0200 lighttpd (1.4.28-5) unstable; urgency=low * Build with sbuilder to avoid linking to non-existed packages. -- Krzysztof Krzyżaniak (eloy) Tue, 26 Apr 2011 15:05:06 +0200 lighttpd (1.4.28-4) unstable; urgency=low [ Krzysztof Krzyżaniak (eloy) ] * Add Arno Töll to Uploaders [ Arno Töll ] * Fix "leaves dangling alternatives on upgrade" add preinst script which removes the dangling symlink (Closes: #614716) * Fix "/etc/lighttpd/conf-available/15-fastcgi-php.conf: fastcgi-php file missing a required directive" add a dependency based recursive module enable system in lighty-enable-mod (Closes: #600050) * Fix "binNMU for openssl 1.0.0 broke SSL support" backport fix from upstream to avoid name clashes between OpenSSL and Lighty's MD5 implementation (Closes: #622733) -- Arno Töll Sat, 09 Apr 2011 13:22:45 -0400 lighttpd (1.4.28-3) unstable; urgency=low [ Krzysztof Krzyżaniak (eloy) ] * Updated debian/control and debian/copyright files * fix for debhelper-overrides-need-versioned-build-depends (>= 7.0.50~) * debian/compat: increased to 8 [ Olaf van der Spek] * Don't fail install if server fails to start (closes: #383425) * Fix index-file.names typo (closes: #609890) -- Olaf van der Spek Mon, 03 Jan 2011 22:56:38 +0100 lighttpd (1.4.28-2) unstable; urgency=medium [ Olaf van der Spek ] * Use relative instead of absolute links for conf-enabled (closes: #541645) * Fix /doc/ for IPv6 (closes: #512583) [ Krzysztof Krzyżaniak (eloy) ] * Added patch patches/silence-errors.diff (closes: #601177) -- Krzysztof Krzyżaniak (eloy) Fri, 12 Nov 2010 12:08:48 +0100 lighttpd (1.4.28-1) unstable; urgency=low [ Olaf van der Spek ] * New upstream release (closes: 521235, 572031, 564556) * Add check_syntax() from Ubuntu (closes: 589200) -- Thijs Kinkhorst Mon, 30 Aug 2010 20:53:18 +0200 lighttpd (1.4.26-3) unstable; urgency=low * Ack for NMU, fix for SSL incompatibility (closes: #572031) -- Krzysztof Krzyżaniak (eloy) Thu, 03 Jun 2010 21:22:24 +0200 lighttpd (1.4.26-2) unstable; urgency=low [ Krzysztof Krzyżaniak (eloy) ] * Switch to dpkg-source 3.0 (quilt) format * debian/control: + removed Franz Pletz from Uploaders, he's MIA (closes: #579366) + change dependency from libmysqlclient15-dev to more general libmysqlclient-dev [ Olaf van der Spek ] * take conf dir as an optional parameter (closes: 489854) * don't try to make /var/run/lighttpd when invoked with status (closes: 538662) * split FastCGI PHP conf from FastCGI conf (closes: 515699) * reduce max-procs from 2 to 1 (closes: 456200) * move debian doc handling into it's own file * set default vhost dir to /srv//htdocs (closes: 471054) * use delaycompress instead of copytruncate for logrotate (closes: 563626) * don't wait for old process to stop before starting new one for reload (closes: 504315) * use reopen-logs for logrotate (closes: 504319) * add no-www.conf (for use with evhost and simple-vhost, closes: 471055) * move evhost conf into it's own file -- Krzysztof Krzyżaniak (eloy) Tue, 01 Jun 2010 17:08:42 +0200 lighttpd (1.4.26-1) unstable; urgency=low * New upstream release (closes: #568735) * Use provided patch from Andres Rodriguez to implement status action in init.d script (closes: #539955) -- Krzysztof Krzyżaniak (eloy) Tue, 09 Feb 2010 18:02:13 +0100 lighttpd (1.4.25-2) unstable; urgency=low * Change behaviour of use-ipv6.pl script (closes: #560837) -- Krzysztof Krzyżaniak (eloy) Mon, 30 Nov 2009 14:23:03 +0100 lighttpd (1.4.25-1) unstable; urgency=low * New upstream release (closes: #558045) * debian/watch: updated * debian/control: Section field changed to web -- Krzysztof Krzyżaniak (eloy) Mon, 30 Nov 2009 14:03:15 +0100 lighttpd (1.4.24-1) unstable; urgency=low * New upstream release (closes: #530892) (closes: #538135) (closes: #482601) (closes: #541428) * debian/control: + Standards-Version: 3.8.3 * debian/init.d renamed to debian/lighttpd.init * Added $syslog to LSB header in init script (closes: #545576) (Jeremy Lal ) * debian/init.d: force-reload moved to reload section (closes: #538661) (Peter Eisentraut ) -- Krzysztof Krzyżaniak (eloy) Fri, 30 Oct 2009 17:37:29 +0100 lighttpd (1.4.23-3) unstable; urgency=low * debian/rules: make sure that scripts have proper rights (closes: #536668), (closes: #536681), (closes: #536688) (closes: #536668) -- Krzysztof Krzyżaniak (eloy) Mon, 13 Jul 2009 11:17:09 +0200 lighttpd (1.4.23-2) unstable; urgency=low * Add lighttpd.docs with README & NEWS file * New upstream closes wishlist bugs (closes: #535065) (closes: #515777) -- Krzysztof Krzyżaniak (eloy) Fri, 10 Jul 2009 11:11:15 +0200 lighttpd (1.4.23-1) unstable; urgency=low * New upstream release * spawn-fcgi is now separate package, recommends it debian/control * Update Standards-Version to 3.8.2 without changes * Remove cdbs, patchutils from Build-Depends, debian/rules uses debhelper 7 scripts * lighttpd.logrotate apply patch (closes: #535523) from Ubuntu (Daniel Hahler, https://launchpad.net/bugs/393792) -- Krzysztof Krzyżaniak (eloy) Thu, 09 Jul 2009 11:24:16 +0200 lighttpd (1.4.22-1) unstable; urgency=low * New upstream release (closes: #520124) (closes: #516897) (closes: #441173) * debian/control: Update to Standards-Version 3.8.1 (no changes so far), debhelper dependency updated to 7, utfize my name, satisfy lintian * Remove all patches, all fixed upstream but rewrite_redirect_decode_url Do NOT use rewrite/redirect to protect specific urls. -- Krzysztof Krzyżaniak (eloy) Wed, 18 Mar 2009 11:19:55 +0100 lighttpd (1.4.19-5) unstable; urgency=high * Remove the alias.url stanza from 10-cgi.conf (Closes: #499334). * Add patches for lighttpd security 2008-05 to 2008-07 (no CVE yet): + patches/lighttpd-1.4.x_request_header_memleak.patch + patches/lighttpd-1.4.x_rewrite_redirect_decode_url.patch + patches/lighttpd-1.4.x_userdir_lowercase.patch * Urgency set to high for security fix. -- Pierre Habouzit Sat, 27 Sep 2008 12:00:47 +0200 lighttpd (1.4.19-4) unstable; urgency=high * Make debian/use-ipv6.pl executable in debian/rules, thanks to Marco d'Itri for finding about this inexcusable mistake. -- Pierre Habouzit Mon, 12 May 2008 17:12:28 +0200 lighttpd (1.4.19-3) unstable; urgency=medium * Fix /var/cache/lighttpd/uploads permissions in postinst (Closes: 476870). * Update patches/ssl-connection-errors.patch using upstream r2144, thanks to upstream for noticing. * cherokee and lighttpd both provide spawn-fcgi, fix that using alternatives (Closes: 479501): + add spawn-fcgi.lighttpd.1 shamelessly stolen from cherokee packaging (thanks Gunnar). + install spawn-fcgi as spawn-fcgi.lighttpd. + install master alternatives on spawn-fcgi.lighttpd and spawn-fcgi.lighttd.1. + add Conflict against cherokee <= 0.6.1-1. * Quote "dangerous" bits of conf-available/10-cgi.conf (Closes: 479276). -- Pierre Habouzit Tue, 06 May 2008 20:01:37 +0200 lighttpd (1.4.19-2) unstable; urgency=low * Add patches/ssl-connection-errors.patch for CVE-2008-1531 (Closes: 475438). * Test for /var/cache/lighttpd/compress in lighttpd.cron.daily to avoid spurious errors for uninstalled and not purged lighttpd's (Closes: 472175). * Add handling of /var/cache/lighttpd/uploads (Closes: 408521): + add it in lighttpd.dirs. + add it as a server.upload-dirs in lighttpd.conf. + purge it daily in lighttpd.cron.daily. * Fix typo in lighttpd.preinst causing failure to update 05-auth symlink properly (Closes: 472119). * init.d: stopping an already stopped lighttpd, or starting an already running one should not fail (Closes: 472122). * Use $HTTP["remoteip"] =~ "127.0.0.1" in configuration snipplets so that it works when ipv6 is enabled by default too (Closes: 473510). * Use perl to detect if the host has ipv6, and generate the server.use-ipv6 snipplet on the fly instead of forcing it to true (Closes: 473053). -- Pierre Habouzit Sun, 13 Apr 2008 13:20:40 +0200 lighttpd (1.4.19-1~bpo40+1) etch-backports; urgency=low * Rebuild for etch-backports. -- Pierre Habouzit Thu, 20 Mar 2008 00:41:49 +0100 lighttpd (1.4.19-1) unstable; urgency=low * New upstream release. * debian/control: + add Build-Depends upon quilt, remove dpatch. + Bump Standards-Version to 3.7.3 (no changes required). + Move Homepage pseudo-headers as real headers. * debian/patches: + migrate to quilt. + remove 05_fdevent_fix.patch (merged upstream). + remove 06_mod_cgi_vuln_fix.patch (merged upstream). + refresh the rest of the series. * debian/lighty-enable-mod: + Reindent and remove trailing spaces. + don't fail to remove a module that is already removed. Patch from Michal Čihař (Closes: 448682). + Allow full stops in module names (Closes: 462199). * debian/lighttpd.conf: + enable ipv6 by default (Closes: 448054). + remove mod_status stanza, create conf-available/10-status.conf with it. * debian/lighttpd.cron.daily: new file, cleanup compressed cache. Thanks to Michal Čihař (Closes: 445224). * be sure mod_auth is loaded first (Closes: 419176): + add debian/lighttpd.preinst to rename 10-auth.conf into 05-auth.conf automagically (when it's a sane thing to do). + Document all that in NEWS.Debian. + debian/lighttpd.install: add 10-status.conf and 05-auth.conf. * debian/lighttpd.postinst: + chmod'ing /var/cache/lighttpd recursively is useless and too long. Just chmod the base directory, content is likely to be only created by lighty anyways. (Closes: 468297). * debian/init.d: + Add $remote_fs and $network (instead of networking) to Required-{Start,Stop}. + Add fam to Should-{Start,Stop} (Closes: 461180). * debian/lighttpd.links: add symlinks on lighty-* so that lighttpd-* commands exists as well (Closes: 435131). -- Pierre Habouzit Sun, 16 Mar 2008 12:01:41 +0100 lighttpd (1.4.18-4) unstable; urgency=high * The “I HATE DPATCH”-release. * Add patches for real as dpatch-edit-patch is stupid enough for not doing it by itself (Closes: 463368, 469307). -- Pierre Habouzit Tue, 11 Mar 2008 10:07:35 +0100 lighttpd (1.4.18-3) unstable; urgency=high * Force use of deprecated ldap interfaces (Closes: 463368), thanks to Dann Frazier (patches/ldap-deprecated.dpatch). * Add sample configuration for the mod_rrdtool (Closes: 462907). * add patches/06_mod_cgi_vuln_fix.dpatch to fix CVE-2008-1111 (Closes: 469307). * Remove spurious mkdir in debian/rules (Closes: 448160). * Bump urgency for RC bug fixes. -- Pierre Habouzit Sat, 08 Mar 2008 17:30:03 +0100 lighttpd (1.4.18-2) unstable; urgency=high * Move the aliases on /doc/ and /images/ mandated by policy at the end to circumvent #445459. * Add patches/05_fdevent_fix.dpatch to fix possible remote DoS (Closes: 466663). * bump urgency for security fix. -- Pierre Habouzit Wed, 27 Feb 2008 16:56:16 +0100 lighttpd (1.4.18-1) unstable; urgency=low * New upstream release, fixes CVE-2007-4727 (closes: #441787) * lighttpd-angel is installed but not used yet -- Krzysztof Krzyzaniak (eloy) Tue, 11 Sep 2007 12:45:11 +0200 lighttpd (1.4.17-1) unstable; urgency=low * New upstream release * patches/05_mysql_autoreconnect.dpatch - dropped, fixed in upstream -- Krzysztof Krzyzaniak (eloy) Tue, 04 Sep 2007 12:19:01 +0200 lighttpd (1.4.16-5~bpo40+2) etch-backports; urgency=low * Rebuild in an etch chroot *doh*. -- Pierre Habouzit Tue, 28 Aug 2007 11:37:38 +0200 lighttpd (1.4.16-5~bpo40+1) etch-backports; urgency=low * Rebuild for Etch backports. -- Pierre Habouzit Fri, 24 Aug 2007 10:12:10 +0200 lighttpd (1.4.16-5) unstable; urgency=low * debian/control: Drop conflict with gamin as it appears it was not the issue. (Closes: #438058). For real this time. -- Pierre Habouzit Sun, 19 Aug 2007 12:22:32 +0200 lighttpd (1.4.16-4) unstable; urgency=low * debian/control: Drop conflict with gamin as it appears it was not the issue. (Closes: #438058). * src/mod_mysql_vhost.c: Enable mysql auto-connect mode, as it's not default in mysql 5.x anymore. (Closes: #428677). -- Pierre Habouzit Sat, 18 Aug 2007 10:27:22 +0200 lighttpd (1.4.16-3) unstable; urgency=high * Urgency set to high due to RC bug fix. * debian/lighttpd.logrotate: fix stupid typo (closes: #437341). * debian/control: add Conflict against gamin, to avoid #437307. -- Pierre Habouzit Wed, 15 Aug 2007 09:46:48 +0200 lighttpd (1.4.16-2) unstable; urgency=low * patches/04_ldap_build_filter_fix.dpatch: add patch from Peter Colberg to fix first LDAP search that fails because of the filter being uninitialized. (closes: #419661) * Enable fam support (closes: #407820): + debian/rules: add --enable-fam configure flag. + debian/control: add libfam-dev to Build-Depends, and also wrap build-dependencies to make diff more understandable. * Enable support for kerberos (with openssl): + debian/rules; add --enable-kerberos5 configure flag. + debian/control: add libkrb5-dev to the Build-Depends. * lighttpd.logrotate: redirect stderr to /dev/null as well to prevent defunct processes (presumably due to full unread pipes/buffers) (closes: #419992). * debian/control: replace lighttpd dependency on perl with libterm-readline-perl-perl as Readline.pm is needed for lighty-enable-mod (closes: #435077). * debian/control: + Add myself to uploaders (closes: #401575). + Drop Recommands on php5-cgi, there is absolutely no reason to have it, or we would have to recommend ruby, python, lua, perl, .... and every $language on earth to be fair. (closes: #435587). * debian/conf-available/10-webdav.conf: add default configuration for webdav. (closes: #406641). * debian/conf-enabled: remove directory, it is already installed through lighttpd.dirs. * lighttpd.postinst, lighttpd.postrm, init.d: be sure there is a /var/run/lighttpd owned by www-data:www-data, helpful to store locks and things like that. -- Pierre Habouzit Fri, 03 Aug 2007 10:06:15 +0200 lighttpd (1.4.16-1) unstable; urgency=low * New upstream release (closes: #434546) * Acknowledge NMU by Pierre Habouzit for CVE-2007-2841 (closes: #428368) * Added static-file.exclude-extensions section to lighttpd.conf (closes: #408374) * Fixed description of conf-available/10-fastcgi.conf (closes: #430469) * Added mod_extforward to debian/lighttpd.install (closes: #434717) * config.guess taken from upstream (closes: #419664) * turn on compression (closes: #397514) * debian/control: XS-Vcs-Svn header added -- Krzysztof Krzyzaniak (eloy) Fri, 27 Jul 2007 10:32:51 +0200 lighttpd (1.4.15-1.1) unstable; urgency=low * Non-maintainer upload. * add patches/04_wrapping_headers_bugfix.dpatch to fix crash with wrapping headers (Closes: 428368). -- Pierre Habouzit Fri, 20 Jul 2007 11:04:07 +0200 lighttpd (1.4.15-1) unstable; urgency=low * New upstream release (closes: #419131) * 01_mod_fastcgi_missing_cleanup.dpatch is now in upstream so it's removed from patches * 04_pidfile_bugfix.dpatch is now in upstream so it's removed from patches -- Krzysztof Krzyzaniak (eloy) Fri, 06 Apr 2007 11:24:54 +0200 lighttpd (1.4.13-10) unstable; urgency=medium * 03_ldap_leak_bugfix.dpatch added from yann@pleiades.fr.eu.org (Yann Rouillard) (closes: #413917) * Lowered priority of index.lighttpd.html (closes: #397492) * We don't need now check md5 sum of index.html since we provide our own index.lighttpd.html (closes: #407794) * 04_pidfile_bugfix.dpatch by Chris Webb added - some fixes with graceful restart -- Krzysztof Krzyzaniak (eloy) Thu, 8 Mar 2007 22:18:42 +0100 lighttpd (1.4.13-9) unstable; urgency=low * debian/lighttpd.default - removed, it is not ready yet. We'll back after etch release (closes: #406021) * debian/index.html.md5 - fixed path to file (full path to index.html) -- Krzysztof Krzyzaniak (eloy) Tue, 2 Jan 2007 14:24:42 +0100 lighttpd (1.4.13-8) unstable; urgency=medium * Typo fixed in debian/lighttpd.postinst (closes: #405123) -- Krzysztof Krzyzaniak (eloy) Tue, 2 Jan 2007 13:23:25 +0100 lighttpd (1.4.13-7) unstable; urgency=low [ Franz Pletz ] * debian/conf-available/10-cgi.conf: + match /cgi-bin/ only at the beginning of a path + convert match for host == localhost to remoteip == 127.0.0.1 like in lighttpd.conf; due to bugs in mod_alias, the cgi-bin, doc and images aliases didn't work anymore * debian/lighttpd.logrotate + use reload instead of force-reload for graceful restart (closes: #398169, #380080) * added debian/patches/01_mod_fastcgi_missing_cleanup.dpatch + source: http://trac.lighttpd.net/trac/ticket/910 + fixes memleak in mod_fastcgi (closes: #400167) * added debian/patches/02_fastcgi_detach.dpatch + disconnect stderr/stdout from the terminal (closes: #368670) + point them either to errorlog or /dev/null * debian/control: added myself to Uploaders * Don't touch /var/www/index.html, create /var/www/index.lighttpd.html instead (closes: #397492) + debian/lighttpd.postinst: copy to /var/www/index.lighttpd.html + debian/lighttpd.conf: add index.lighttpd.html as first index-filename [ Krzysztof Krzyzaniak (eloy) ] * Typo fixed in index.html (closes: #403620) -- Franz Pletz Fri, 8 Dec 2006 16:15:27 +0100 lighttpd (1.4.13-6) unstable; urgency=low * debian/lighttpd.postinst: change only permission for /var/log/lighttpd/ -- Krzysztof Krzyzaniak (eloy) Mon, 4 Dec 2006 16:34:11 +0100 lighttpd (1.4.13-5) unstable; urgency=low * debian/control: + perl added to dependencies (closes: #396629) * debian/conf-available/10-fastcgi.conf: + /usr/bin/php4-cgi changed to /usr/bin/php-cgi (closes: #397142) * debian/lighttpd.postinst: fix permission of /var/log/lighttpd (closes: #398834) * debian/lighty-enable-mod - fixed bug with undefined values (closes: #397493) -- Krzysztof Krzyzaniak (eloy) Thu, 9 Nov 2006 12:18:25 +0100 lighttpd (1.4.13-4) unstable; urgency=low * fixed config file for logrotote (reload action changed to force-reload) -- Krzysztof Krzyzaniak (eloy) Thu, 26 Oct 2006 11:36:13 +0200 lighttpd (1.4.13-3) unstable; urgency=low * debian/control: libxml2-dev added to Build-Depends (closes: #394882) -- Krzysztof Krzyzaniak (eloy) Tue, 24 Oct 2006 13:31:27 +0200 lighttpd (1.4.13-2) unstable; urgency=medium * Patch from Pierre Habouzit to init.d applied (closes: #380080) * Patch from Adrian Friendli to lighttpd.conf applied (closes: #392890) -- Krzysztof Krzyzaniak (eloy) Mon, 16 Oct 2006 11:14:28 +0200 lighttpd (1.4.13-1) unstable; urgency=low * New upstream release * mod_webdav as separate lighttpd-mod-webdav package * Compiled with --with-webdav-locks, added uuid-dev to Build-Depends -- Krzysztof Krzyzaniak (eloy) Tue, 10 Oct 2006 10:26:54 +0200 lighttpd (1.4.13~r1385-1) unstable; urgency=low * New upstream release -- Krzysztof Krzyzaniak (eloy) Mon, 9 Oct 2006 10:28:32 +0200 lighttpd (1.4.13~r1370-1) unstable; urgency=low * New upstream release (closes: #390877) (closes: #389911) * Compiled with --with-attr param (closes: #389712) * dropped 01-lua5.1.dpatch, issue fixed by upstream -- Krzysztof Krzyzaniak (eloy) Thu, 5 Oct 2006 10:08:19 +0200 lighttpd (1.4.12-1) unstable; urgency=low * New upstream release * fixes in debian/lighttpd.install (closes: #377802) * mod_cml is deprecated from now on and it will be removed in 1.5.0 mod_magnet provides the same functionality and more with a cleaner syntax and in a more generic form * added separate module for mod_magnet (closes: #389578) * changed dependency from lua-5.0 to lua-5.1 * added patch patches/01-lua5.1.dpatch * added pkg-config to Build-Depends -- Krzysztof Krzyzaniak (eloy) Tue, 12 Sep 2006 19:17:41 +0200 lighttpd (1.4.12~20060907-1) unstable; urgency=low * New upstream release * Removed debian/patches/01_use_bin_sh.dpatch - fixed in upstream -- Krzysztof Krzyzaniak (eloy) Thu, 7 Sep 2006 14:50:47 +0200 lighttpd (1.4.12~20060901-1) unstable; urgency=low * New upstream release * Removed debian/patches/02_ssl_fix.dpatch - it's now fixed in upstream -- Krzysztof Krzyzaniak (eloy) Mon, 4 Sep 2006 11:07:42 +0200 lighttpd (1.4.11-8) UNRELEASED; urgency=low * debian/lighttpd.dirs: + usr/lib/cgi-bin added * debian/conf-available/10-cgi.conf + proper configuration for localhost as well (again Bug#345554) * debian/lighttpd.conf: + server.bind commented out as in default configuration (closes: #380267) * debian/patches/02_ssl_fix.dpatch - added fix for ssl connection with POST request (http://trac.lighttpd.net/trac/ticket/607), thanks to RISKO Gergely (closes: #381455) * debian/lighttpd.logrotate - some values changes (now rotate weekly and keep 12 logfiles) -- Krzysztof Krzyzaniak (eloy) Mon, 28 Aug 2006 13:06:25 +0200 lighttpd (1.4.11-7) unstable; urgency=low * debian/create-mime.assign.pl - catchup error when /etc/mime.types is not readable (closes: #375347) -- Krzysztof Krzyzaniak (eloy) Tue, 27 Jun 2006 20:19:57 +0200 lighttpd (1.4.11-6) unstable; urgency=low * debian/control: - Recommends: Changed to alternative: php4-cgi | php5-cgi (closes: #368215) * include-conf-enabled.pl script changed according to patch from Tobias Gruetzmacher (closes: #368352) * debian/lighttpd.conf: removed global for local aliases (/images/, /doc/) (closes: #366801) -- Krzysztof Krzyzaniak (eloy) Tue, 23 May 2006 16:48:36 +0200 lighttpd (1.4.11-5) unstable; urgency=low * debian/init.d: - --oknodo added to section "stop" to close finally #35979 - --retry 30 added to section "reload", to prevents problems with logrotating (closes: #366366) * debian/control: Standards-Version: increased to 3.7.2 without additional changes -- Krzysztof Krzyzaniak (eloy) Wed, 10 May 2006 14:26:04 +0200 lighttpd (1.4.11-4) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * debian/init.d: - "exit 1" after failed actions removed (closes: #359792) * debian/conf-available/10-fastcgi.conf updated (closes: #362827) thanks to Joerg Rieger [ Torsten Marek ] * Change my email address to shlomme@debian.org * Remove --background from the start action, since it breaks the error checking of start-stop-daemon. The behaviour described in #355865 is not reproducable any more. * make reload action in initscript more well-behaved -- Torsten Marek Sun, 9 Apr 2006 15:51:51 +0200 lighttpd (1.4.11-3) unstable; urgency=low * debian/lighttpd.conf - added dir-listing.encoding = "utf-8", suggested by Silvestre Zabala (closes: #359100) * debian/lighttpd.install - fix bug with installing *.conf files -- Krzysztof Krzyzaniak (eloy) Mon, 27 Mar 2006 09:50:55 +0200 lighttpd (1.4.11-2) unstable; urgency=low * Provide debian/conf-available/10-ssl.conf, (closes: #355868) -- Krzysztof Krzyzaniak (eloy) Fri, 24 Mar 2006 13:53:54 +0100 lighttpd (1.4.11-1) unstable; urgency=low * New upstream release (closes: #356496) * init.d script - added --background to "start" (thanks goes to Marcello Nuccio ) (closes: #355865) -- Krzysztof Krzyzaniak (eloy) Fri, 10 Mar 2006 09:51:10 +0100 lighttpd (1.4.10-6) unstable; urgency=low * Patch from on lighty-enable-mod (closes: #355773) -- Krzysztof Krzyzaniak (eloy) Wed, 8 Mar 2006 11:17:07 +0100 lighttpd (1.4.10-5) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * debian/control - libmysqlclient14-dev have to be removede because is not available in debian/sid [ Torsten Marek ] * debian/rules - build with support for LUA, libmemcache and GDBM * debian/lighttpd.install - install mod_evasive into lighttpd package * debian/control - own packages for mod_trigger_b4_dl and mod_cml * debian/control - small fixes * debian/conf-available/10-ssi.conf - comment out link to web documentation -- Torsten Marek Mon, 6 Mar 2006 12:07:29 +0100 lighttpd (1.4.10-4) unstable; urgency=low * bugfix release * Fixed bug with 10-fastcgi.conf, (closes: #353964) -- Krzysztof Krzyzaniak (eloy) Thu, 23 Feb 2006 16:14:42 +0100 lighttpd (1.4.10-3) unstable; urgency=low * lighttpd.conf - changed configuration for /images/ & /doc/ handling -- Krzysztof Krzyzaniak (eloy) Tue, 14 Feb 2006 09:57:15 +0100 lighttpd (1.4.10-2) unstable; urgency=low * debian/control - libmysqlclient14-dev added as alternative (will be easier for backports.org) * lighty-enable-mod script fixed - files with dash were skipped, thanks to Silvester Zabala for patch (closes: #352577) * install doc/lighttpd.conf as example (closes: #344961) -- Krzysztof Krzyzaniak (eloy) Mon, 13 Feb 2006 12:58:54 +0100 lighttpd (1.4.10-1) unstable; urgency=low * New upstream release -- Krzysztof Krzyzaniak (eloy) Wed, 8 Feb 2006 16:02:16 +0100 lighttpd (1.4.9-5) unstable; urgency=low * Properly fixed bug with overwritting index.html (closes: #349676) -- Krzysztof Krzyzaniak (eloy) Mon, 30 Jan 2006 10:17:57 +0100 lighttpd (1.4.9-4) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * Fixed bug with 10-userdir.conf, (closes: #349821) * index.html is not replaced when md5 string desn't match (closes: #349676) -- Krzysztof Krzyzaniak (eloy) Wed, 25 Jan 2006 16:33:34 +0100 lighttpd (1.4.9-3) unstable; urgency=low [ Torsten Marek ] * Added some configuration examples from upstream sample configuration * Implement "reload" init.d action with graceful restart, taken from http://trac.lighttpd.net/trac/ticket/267 (Closes: #346038) * ssi, auth, fastcgi, proxy and simple-vhost are now in separte config files * Put path to plugin documentation into every config snippet * Build against libmysqlclient15 -- Torsten Marek Sat, 21 Jan 2006 15:16:01 +0100 lighttpd (1.4.9-2) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * mod_alias enabled by default - removed conf-avaiable/00-alias.conf * Added handling of http://localhost/doc/ & http://localhost/images/ (closes: #348823) -- Krzysztof Krzyzaniak (eloy) Thu, 19 Jan 2006 12:39:04 +0100 lighttpd (1.4.9-1) unstable; urgency=low * New upstream release * Closing bug from not uploaded release 1.4.8-5, (closes: #347737) -- Krzysztof Krzyzaniak (eloy) Mon, 16 Jan 2006 20:06:39 +0100 lighttpd (1.4.8-5) unstable; urgency=low * create /var/www directory (closes: #347737), default /var/www/index.html added (based on apache2 index.html file). -- Krzysztof Krzyzaniak (eloy) Thu, 12 Jan 2006 16:54:32 +0100 lighttpd (1.4.8-4) unstable; urgency=low * fixed permissions and directories (closes: #347565) -- Krzysztof Krzyzaniak (eloy) Wed, 11 Jan 2006 17:15:12 +0100 lighttpd (1.4.8-3) unstable; urgency=low * New configuration layout (closes: #345554) (closes: #344959), read /etc/lighttpd/conf-available/README - conf-available directory for all templates - conf-enabled directory for enabled modules -- Krzysztof Krzyzaniak (eloy) Mon, 9 Jan 2006 13:49:34 +0100 lighttpd (1.4.8-2) unstable; urgency=low [ Krzysztof Krzyzaniak (eloy) ] * debian/control: lsb-base dependency narrowed to (>= 3.0-3) * create-mime.assign.pl set as executable (closes: #344938) -- Krzysztof Krzyzaniak (eloy) Wed, 28 Dec 2005 12:40:55 +0100 lighttpd (1.4.8-1) unstable; urgency=low * New upstream version (closes: #304271) * Does not rely on $SHELL to execute external commands -- Torsten Marek Sat, 26 Nov 2005 11:48:51 +0100 lighttpd (1.4.7-1) unstable; urgency=low * New upstream version, Initial debian version * Better debian/rules file * Split mysql vhost module into separate package * Create separate package for documentation * Create a better init script -- Torsten Marek Sat, 5 Nov 2005 18:56:53 +0100